Survey: Most people don’t lock their Android phones — but should

Half of Android users don’t bother to lock their phones, despite having the choice of using patterns, passwords, PINs, and even their faces to secure their devices. This contrasts starkly with a report from the Federal Communications Commission warning that up to 40 percent of robberies in major cities involve cell phones.

More precisely, over 52 percent of people who responded to the Google Consumer Survey I conducted of 1,500 Android users said they prefer to leave their phones unlocked. I conducted this survey using Google Consumer Surveys on Android via the Opinion Reward app.

While entering a PIN code is reported as annoying by the people who responded to my survey, Android does offer a safer and easier alternative called a lock pattern. It provides more possible combinations than a password — a 9-point unlock pattern has a 389,112 possible patterns. Compare that to only 10,000 combinations for a standard four-digit PIN code.

So not only are patterns faster, but they're also safer! And the FBI has said in court documents that they were unable to bypass the lock screen and access the contents of a Samsung phone.

That said, no security is perfect. Both lock patterns and PIN codes can be vulnerable to smudge attacks, as a 2010 Usenix paper illustrates. (See screenshot above.) So whether you use a PIN or a pattern you should change it from time to time. You might also want to go to your phone’s options screen and disable the display of the pattern so people can’t “shouldersurf” it.

Click on the link above to discuss this post on your favorite social network.

Elie Bursztein

I lead Google's anti-abuse research team, which invents ways to protect users against cyber-criminal activities and Internet threats. I blog about web performance and security.